DNS: An Example of Ecosystem Partnerships

DNS: An Example of Ecosystem Partnerships

Likes: Taking on the enemy with partners, Automating processes, good scotch and bourbon

Dislikes: Poor reporting, FUD, miscreants, dangling participles

My name is Zot O'Connor and I am a computer genius. Really, the Seattle Post-Intelligencer says so . Okay, not directly, but I was one of the group of "computer geniuses" converging on our campus back in March because of this DNS issue. I am not a programmer, so what was I doing there? Fulfilling one of the roles of the EcoStrat team, being a trusted advisor and helping prove it "Takes an Internet Village."

Shortly after Dan Kaminsky discovered the design issue, he and Dave Midturi (the MSRC Security Program Manager working on the issue) realized that this was an industry issue and holding a summit at our campus right after CanSecWest would maximize the opportunity for getting the real geniuses in the room. They came to me and Katie Moussouris for help with organizing and making this process successful.

Our team swung into action, taking care of the hosting details (which we do for events like BlueHat), reviewing the list of invitees, and offering advice when asked. We knew this could be rough: we are talking about a coordinated release of open source, proprietary and embedded software, each with different distribution methods and issues. We are also talking about a diversity of personalities, philosophies and skills.

At the event itself I was impressed with how everyone checked their egos, emotions and issues at the door and focused on the grave problem at hand. A plan was formed, a schedule set and communication channels determined. Everyone left knowing what we had to do, except maybe Dan and me.

Personally, I set up channels to inform more partners as the update was rolled out. I've been spending a lot of time getting folks to understand the gravity of the situation and to pass the word to the rest of the communities. As the details and exploits have emerged, that task is easier, but laying the groundwork certainly sped up adoption rates.

This issue goes to the heart of community-based defense. No one DNS server provider can fix the problem. A combination of our experience in working across boundaries, the dedication of the convened group and the support of global security communities showed how we can collectively provide protection for the ecosystem.

I enjoyed Dan’s talk today here at Black Hat, worry about attacks that may come, and wish I could wave a magic wand and get everyone to update their systems. In the meantime, I will continue to work with the ecosystem: together we are monitoring for attacks, analyzing information, coordinating data feeds and sharing information that can help protect users.

Once we get a handle on that, I’ll try to figure out how to add "computer genius" to my official title...

- Zot O'Connor

*Postings are provided "AS IS" with no warranties, and confers no rights.*